HAB fast authentication errors on the i.MX8MN?

ov-krk · ‎12-06-2024

Hello,

I have been trying to authenticate boot images on the i.MX8MN without success so far.

I use a python script which

- copies all input binaries to imx-mkimage to generate a signable boot image and calls into the Makefile located there

- generates a CSF on the basis of imx-mkimage's output and gives it to the code signing tool.

Here is the offset dump of imx-mkimage:

========= IVT HEADER [HDMI FW] =========
header.tag: 		0x0
header.length: 		0x0
header.version: 	0x0
entry: 			0x0
reserved1: 		0x0
dcd_ptr: 		0x0
boot_data_ptr: 		0x0
self: 			0x0
csf: 			0x0
reserved2: 		0x0
boot_data.start: 	0x0
boot_data.size: 	0x0
boot_data.plugin: 	0x0
========= IVT HEADER [PLUGIN] =========
header.tag: 		0x0
header.length: 		0x0
header.version: 	0x0
entry: 			0x0
reserved1: 		0x0
dcd_ptr: 		0x0
boot_data_ptr: 		0x0
self: 			0x0
csf: 			0x0
reserved2: 		0x0
boot_data.start: 	0x0
boot_data.size: 	0x0
boot_data.plugin: 	0x0
========= IVT HEADER [LOADER IMAGE] =========
header.tag: 		0xd1
header.length: 		0x2000
header.version: 	0x41
entry: 			0x912000
reserved1: 		0x0
dcd_ptr: 		0x0
boot_data_ptr: 		0x911fe0
self: 			0x911fc0
csf: 			0x9405c0
reserved2: 		0x0
boot_data.start: 	0x911fc0
boot_data.size: 	0x30660
boot_data.plugin: 	0x0
========= OFFSET dump =========
Loader IMAGE:
 header_image_off 	0x0
 dcd_off 		0x0
 image_off 		0x40
 csf_off 		0x2e600
 spl hab block: 	0x911fc0 0x0 0x2e600

Second Loader IMAGE:
 sld_header_off 	0x58000
 sld_csf_off 		0x59020
 sld hab block: 	0x401fcdc0 0x58000 0x1020

Here is the CSF for SPL:

[Header]
    # This should in theory set us up for fast authentication,
    # and should have a positive impact on boot time.
    Version = 4.5
    Hash Algorithm = sha256
    Engine = ANY
    Engine Configuration = 0
    Certificate Format = X509
    Signature Format = CMS

[Install SRK]
    # File is defined
    File = "/workspace/app/dev/keys/bootrom-hab/crts/SRK_1_2_3_4_table.bin"
    # Index of the key location in the SRK table to be installed
    Source index = 0

[Install NOCAK]
    # Key slot index used to authenticate the key to be installed
    # Target key slot in HAB key store where key will be installed
    # Key to install
    File = "/workspace/app/dev/keys/bootrom-hab/crts/SRK1_sha256_secp384r1_v3_usr_crt.pem"

[Authenticate CSF]

[Unlock]
    Engine = CAAM
    Features = MID

[Authenticate Data]
    # Key slot index used to authenticate the image data
    Verification index = 0
    # Authenticate Start Address, Offset, Length and file
    Blocks = 0x00911fc0 0x00000000 0x0002e600 "/workspace/imx-mkimage/iMX8M/spl_atf_uboot.signed.bin"

Here is the CSF for ATF and U-Boot:

[Header]
    # This should in theory set us up for fast authentication,
    # and should have a positive impact on boot time.
    Version = 4.5
    Hash Algorithm = sha256
    Engine = ANY
    Engine Configuration = 0
    Certificate Format = X509
    Signature Format = CMS

[Install SRK]
    # File is defined
    File = "/workspace/app/dev/keys/bootrom-hab/crts/SRK_1_2_3_4_table.bin"
    # Index of the key location in the SRK table to be installed
    Source index = 0

[Install NOCAK]
    # Key slot index used to authenticate the key to be installed
    # Target key slot in HAB key store where key will be installed
    # Key to install
    File = "/workspace/app/dev/keys/bootrom-hab/crts/SRK1_sha256_secp384r1_v3_usr_crt.pem"

[Authenticate CSF]

[Unlock]
    Engine = CAAM
    Features = MID

[Authenticate Data]
    # Key slot index used to authenticate the image data
    Verification index = 0
    # Authenticate Start Address, Offset, Length and file
    Blocks = 0x401fcdc0 0x00058000 0x00001020 "/workspace/imx-mkimage/iMX8M/spl_atf_uboot.signed.bin", \
             0x40200000 0x0005b000 0x000960e0 "/workspace/imx-mkimage/iMX8M/spl_atf_uboot.signed.bin", \
             0x402960e0 0x000f10e0 0x00008130 "/workspace/imx-mkimage/iMX8M/spl_atf_uboot.signed.bin", \
             0x00960000 0x000f9210 0x00008080 "/workspace/imx-mkimage/iMX8M/spl_atf_uboot.signed.bin"

I have burned the SRK hash fuses on the board (bank 6, words 0-3 and bank 7, words 0-3). I also checked the values for correctness, and it seems there are no errors wrt. what the SRK_1_2_3_4_fuse.bin file contains.

But I get the following HAB events:

- In SPL, just before we try to authenticate the next images, so I assume these are HAB events directly related to SPL, emitted by the bootrom:

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
        0xdb 0x00 0x14 0x45 0x33 0x18 0xc0 0x00
        0xca 0x00 0x0c 0x00 0x01 0xc5 0x00 0x00
        0x00 0x00 0x04 0x0c

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 2 -----------------
event data:
        0xdb 0x00 0x14 0x45 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x00 0x91 0x1f 0xc0
        0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 3 -----------------
event data:
        0xdb 0x00 0x14 0x45 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x00 0x91 0x1f 0xe0
        0x00 0x00 0x00 0x0c

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 4 -----------------
event data:
        0xdb 0x00 0x14 0x45 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x00 0x91 0x20 0x00
        0x00 0x00 0x00 0x04

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

- In U-Boot proper, after calling hab_status:

HAB Configuration: 0xf0, HAB State: 0x66

--------- HAB Event 1 -----------------
event data:
        0xdb 0x00 0x14 0x45 0x33 0x18 0xc0 0x00
        0xca 0x00 0x0c 0x00 0x01 0xc5 0x00 0x00
        0x00 0x00 0x04 0x24

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 2 -----------------
event data:
        0xdb 0x00 0x14 0x45 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x40 0x1f 0xdd 0xc0
        0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 3 -----------------
event data:
        0xdb 0x00 0x14 0x45 0x33 0x18 0xc0 0x00
        0xca 0x00 0x0c 0x00 0x01 0xc5 0x00 0x00
        0x00 0x00 0x04 0x0c

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_SIGNATURE (0x18)
CTX = HAB_CTX_COMMAND (0xC0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 4 -----------------
event data:
        0xdb 0x00 0x14 0x45 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x00 0x91 0x1f 0xc0
        0x00 0x00 0x00 0x20

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 5 -----------------
event data:
        0xdb 0x00 0x14 0x45 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x00 0x91 0x1f 0xe0
        0x00 0x00 0x00 0x0c

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 6 -----------------
event data:
        0xdb 0x00 0x14 0x45 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x00 0x91 0x20 0x00
        0x00 0x00 0x00 0x04

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)


--------- HAB Event 7 -----------------
event data:
        0xdb 0x00 0x14 0x45 0x33 0x0c 0xa0 0x00
        0x00 0x00 0x00 0x00 0x40 0x1f 0xcd 0xc0
        0x00 0x00 0x00 0x04

STS = HAB_FAILURE (0x33)
RSN = HAB_INV_ASSERTION (0x0C)
CTX = HAB_CTX_ASSERT (0xA0)
ENG = HAB_ENG_ANY (0x00)

I gather that if I can get rid of the assertion errors if I get to resolve the HAB_INV_SIGNATURE errors, as the former would seem to relate to unauthenticated memory regions.

So, I have got two unresolved questions related to this:

- How do I go about resolving these HAB events? I have sadly been stuck for more than a week on this, and the errors do not differ between an unfused and a fused board, using the exact same boot images. As far as I can see, I am doing the process correctly and writing the CSF binaries to the csf offsets provided by imx-mkimage.

- Installing any other SRK than SRK1 and trying to use it to authenticate an image yields me a HAB_INV_KEY event. This, at the very least, should give me the same events as with SRK1, no?

Kind regards,

Oskar

Harvey021 · ‎12-10-2024

Hi,

The given the context is HAB_CTX_COMMAND this means the remaining bytes correspond to the CSF command that caused the event.

And An assertion event means that one of the following required areas is not signed as documented in the Operation section for authenticate_image() API:
• IVT;
• DCD (if provided);
• Boot Data (initial byte - if provided);
• Entry point (initial word).

You wil find more information if reference to HAB v4 API which can be found from CST tool

IMX_CST_TOOL_NEW

Regards

Harvey

HAB fast authentication errors on the i.MX8MN?

HAB fast authentication errors on the i.MX8MN?

i.MX 8M | i.MX 8M Mini | i.MX 8M Nano

Security